From 41a852eaace2554c9cbaa932d19dd7f06ee44a2a Mon Sep 17 00:00:00 2001
From: clean-coder
Date: Fri, 14 Jun 2024 06:33:53 +0200
Subject: [PATCH 1/7] #943: keycloak export of pitc without tenant claim mapper
---
.../realm-export-pitc-without-tenant.json | 4176 +++++++++++++++++
1 file changed, 4176 insertions(+)
create mode 100644 docker/config/realm-export-pitc-without-tenant.json
diff --git a/docker/config/realm-export-pitc-without-tenant.json b/docker/config/realm-export-pitc-without-tenant.json
new file mode 100644
index 0000000000..3219d3bbcd
--- /dev/null
+++ b/docker/config/realm-export-pitc-without-tenant.json
@@ -0,0 +1,4176 @@ +[ { + "id" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "realm" : "pitc", + "displayName" : "", + "displayNameHtml" : "", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "758171cd-58e2-43b6-bd0e-9afb7c2ca2f9", + "name" : "org_pl", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "2717bcd3-3627-460b-b861-571ad8eee0e5", + "name" : "offline_access", + "description" : 
"${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "2b173cac-d60e-49e5-be20-454e79199c57", + "name" : "org_midcicd", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "d03eeb03-ad4d-4ce2-acd2-113f169669b7", + "name" : "org_personal", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "f57969cb-5493-4a32-84d4-2d80e708f4fc", + "name" : "org_gl", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "3901aadc-7c91-4568-9e2a-b32934893505", + "name" : "org_mobility", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "e48beabd-4526-4d3d-8958-b45ab2437b9f", + "name" : "org_de", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "db421806-c825-4810-93ac-79b63865c7f2", + "name" : "org_devruby", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "fd4def8e-01d9-488a-bcb8-209914b4601f", + "name" : "org_racoon", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "d6210295-f6f2-4692-b17b-783079135546", + "name" : "org_sys", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : 
"9ceb6dbb-475f-467a-a126-ad70171f861a", + "name" : "org_midcontainer", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "9c802ad9-a0dd-42fd-873d-56335bbe941e", + "name" : "org_bl", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "9f248491-cbde-4bb0-9c8a-9568a5dbefef", + "name" : "default-roles-pitc_okr_staging", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "4f6337f3-71af-41f1-9917-dfa355bd71c4", + "name" : "org_security", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "0add4da2-883a-412a-8b79-bdd6eef545a6", + "name" : "org_devtre", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "a78755f9-37b1-4cb8-8155-31d0572c1c42", + "name" : "org_zh", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "f65332f6-e9bb-4e0f-a09f-8270b0c0be56", + "name" : "org_azubi", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + }, { + "id" : "5a108868-05e6-4630-b742-492115fc75a4", + "name" : "org_ux", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } 
+ }, { + "id" : "15857402-0e96-462e-adf6-1d9c70b258b1", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "75eecef4-3714-4de8-acfa-aa76525b95d3", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "fe725fba-bbbf-476a-a3f3-7a59452212a2", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "18ecca0b-05b4-45ca-9e1b-ea1bba244f39", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "90cae136-5144-47c0-a540-17eec780e795", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "df140639-114b-4f92-b1cb-aeefea5b078b", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "cddeda6b-e03a-413b-b78b-6379c21b1d7f", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "7a056ff2-3b4b-4386-9333-8ad7c52e36b5", + "name" : "query-groups", + 
"description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "01f03112-3ee3-4fd6-b8d1-458ea59ef39a", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-authorization", "view-clients", "manage-realm", "manage-users", "query-groups", "query-clients", "create-client", "manage-clients", "query-realms", "manage-authorization", "view-identity-providers", "view-users", "manage-identity-providers", "manage-events", "impersonation", "view-events", "view-realm", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "c74331e3-3834-4700-be56-c8eedcf2df98", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "84a5f824-160d-4d33-bf11-a855e6cde237", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "732214ee-0d66-4f35-8bff-3585aeb0de35", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "191d604c-926d-456c-be2a-59d0fca2ad6a", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "ca0a5e14-4ade-4e3f-9208-da612db93ac7", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + 
"composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "ae8096f8-3ffb-49dd-80c6-029421271e83", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "d54c9636-6847-4d05-a60e-0481ce199d9c", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "e0bc7c6c-dacd-4133-abdb-df60c0c3e51b", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "9f41add7-9ebd-49d2-aa63-a5d5755c3bc3", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "51efcc02-7301-4652-8df4-6d6c67b1157a", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + }, { + "id" : "45c050fe-1214-4dc0-b805-33946ab7e0b4", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "pitc_okr_staging" : [ ], + "account-console" : [ ], + "acme_okr_staging" : [ ], + "broker" : [ { + "id" : "ede9fd28-4126-4111-bf9b-acce73510196", + "name" : "read-token", + "description" : "${role_read-token}", + 
"composite" : false, + "clientRole" : true, + "containerId" : "25604a69-806e-4351-84ce-cc288e714d9c", + "attributes" : { } + } ], + "account" : [ { + "id" : "8f26d992-4082-4cd5-962f-a2e5c43f76a1", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "d21323ce-46e9-4a10-ba1a-c58c8f1e088c", + "attributes" : { } + }, { + "id" : "7240905a-8cb9-4774-8718-30685e753c4e", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "d21323ce-46e9-4a10-ba1a-c58c8f1e088c", + "attributes" : { } + }, { + "id" : "c73ec80b-a72a-4174-a5b6-e14cefd9245d", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "d21323ce-46e9-4a10-ba1a-c58c8f1e088c", + "attributes" : { } + }, { + "id" : "d281db86-b681-4013-8f64-ce1291194f8d", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "d21323ce-46e9-4a10-ba1a-c58c8f1e088c", + "attributes" : { } + }, { + "id" : "f1096785-b647-4954-9bb9-b9a9d743084a", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "d21323ce-46e9-4a10-ba1a-c58c8f1e088c", + "attributes" : { } + }, { + "id" : "f91e2006-e8fa-408e-9c05-07d44d9259ce", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "d21323ce-46e9-4a10-ba1a-c58c8f1e088c", + "attributes" : { } + }, { + "id" : "d65ebb97-5679-4595-a8e6-ca959035fa04", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "d21323ce-46e9-4a10-ba1a-c58c8f1e088c", + "attributes" 
: { } + }, { + "id" : "a4ef81f0-2907-4c09-9bff-df774b0cda1f", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "d21323ce-46e9-4a10-ba1a-c58c8f1e088c", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "9f248491-cbde-4bb0-9c8a-9568a5dbefef", + "name" : "default-roles-pitc_okr_staging", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "43b9ddfb-26f5-49a8-852b-0e4f447f4a0b" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + 
"webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "users" : [ { + "id" : "6683aba6-3c73-4568-8686-983c2530078f", + "username" : "bbt", + "firstName" : "Ashleigh", + "lastName" : "Russell", + "email" : "bbt@bbt.com", + "emailVerified" : true, + "createdTimestamp" : 1700823629490, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "8744569d-dd7d-4dfe-8dcf-3d33fe50c6b6", + "type" : "password", + "createdDate" : 1718165822866, + "secretData" : "{\"value\":\"DIDQNa5jTM6E+Ovq9PzGveym4bpDu4lUciVcO3yGiPr2oPtpH11V3Gd//KvlnVhFeeklJEUVFXqFUUmWSDmo8g==\",\"salt\":\"SKhRO7hVvFdIr9MDATLolg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pitc_okr_staging", "org_azubi" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "21126ada-e288-446f-b62f-bdb1eefbbc22", + "username" : "bl", + "firstName" : "Esha", + "lastName" : "Harris", + "email" : "bl@bl.com", + "emailVerified" : true, + "createdTimestamp" : 1700823629490, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "4bddf197-533d-4bba-bceb-f05766744350", + "type" : "password", + "createdDate" : 1718165823243, + "secretData" : "{\"value\":\"PAmGSxT+WSehDXQQAnr0slGSdSlVOHxhmrrFgP+fiwgHfc94cqRwtVDbCZcEwt/ryqf+jUW5pYYjkVqgaZpLZg==\",\"salt\":\"uhpqWbnYsbpWXzXY1JyU/A==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "org_bl", "default-roles-pitc_okr_staging", 
"org_mobility" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "35bcff93-8e80-46a3-a725-6a0b821c2736", + "username" : "bl-mid", + "firstName" : "BL", + "lastName" : "Mid", + "email" : "bl@mid.com", + "emailVerified" : true, + "createdTimestamp" : 1700823629490, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "ba66e78e-fd90-4e64-abe1-69a1e022f69c", + "type" : "password", + "createdDate" : 1718165823793, + "secretData" : "{\"value\":\"tRASJJ+IfTaMj2E19zxM23/9ZuqMqO25aiY9AqoSPbBsg4EUZE2rx3LrM0cvePnA+0ngHyQR7fvaUtYEYc5xgw==\",\"salt\":\"C6z/xcVTodbE8O98+xlLqg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "org_midcontainer", "org_bl", "default-roles-pitc_okr_staging", "org_midcicd" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "d7ba6c63-3570-4b14-874d-23c138e374f5", + "username" : "bl-mob", + "firstName" : "BL", + "lastName" : "Mobility", + "email" : "bl@mob.com", + "emailVerified" : true, + "createdTimestamp" : 1700823629490, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "eac31cb9-4965-4407-9bbd-778d3b140c36", + "type" : "password", + "createdDate" : 1718165823611, + "secretData" : "{\"value\":\"LjtEmSUupSZg9KfMaYqHgG8pXaUElZm9u6PGuzrEvJz++ZswvUqnzH+Q3845DGHtb6V3NXtp54rmrj/RdfeMaQ==\",\"salt\":\"sTeXKvAURbq30J8yMAIF3g==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "org_bl", "default-roles-pitc_okr_staging", "org_mobility" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "df109c17-4e05-4520-a8ed-5f03f4d553fe", + "username" : "bl-ruby", + "firstName" : "BL", + "lastName" : "Ruby", + "email" : "bl@ruby.com", + "emailVerified" : true, 
+ "createdTimestamp" : 1700823629490, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "e55a6ad0-6304-46e1-bfa9-94d22315cf09", + "type" : "password", + "createdDate" : 1718165823977, + "secretData" : "{\"value\":\"93rsiR7Acc9qUnEl/6xFK5x6CqoNTItZTuY5Wr9wKILIJGUGiduDGSDxSN5seGOUH8vkShBMQW0pjQIIH7IwxQ==\",\"salt\":\"tzTEy2/vavMryJgrid2YSA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "org_bl", "default-roles-pitc_okr_staging", "org_devruby" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "cca7d72a-614f-4389-bc83-cad775feeedc", + "username" : "bl-sys", + "firstName" : "BL", + "lastName" : "Sys", + "email" : "bl@sys.com", + "emailVerified" : true, + "createdTimestamp" : 1700823629490, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "fc9ca757-36ea-4f94-be31-a3ee1867a9a3", + "type" : "password", + "createdDate" : 1718165824159, + "secretData" : "{\"value\":\"0CQ2VJI4gPIbZR9YL48Mnazh5P/ZI24e6Y7YjV6lQAA5C7scMI5lVKVQnl0aSqABQWQsVQjK6vJc80ZpEW47Vw==\",\"salt\":\"Lwh4jiTEJF2UC0NR/wIuNg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "org_sys", "org_bl", "default-roles-pitc_okr_staging" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "e5991773-7d4f-40ec-93a2-2101a499dd3b", + "username" : "gl", + "firstName" : "Jaya", + "lastName" : "Norris", + "email" : "gl@gl.com", + "emailVerified" : true, + "createdTimestamp" : 1700823629490, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "d1ad0bf4-6b09-4a98-af1d-1e86cb9b7e70", + "type" : "password", + "createdDate" : 1718165823058, + "secretData" : 
"{\"value\":\"Z/tjx4wa7zzUiVvBzSKdqxnSSXHotGbMZPneCqB5QxmrcbvvHvMcwL5Td1XRw8Gq6DK04GFjexWO7dsRnsaquQ==\",\"salt\":\"0Hfr6Dqv7r2NCeq2tUUyaw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pitc_okr_staging", "org_gl" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "5d735cca-1554-45e7-b485-e3a60a26ba54", + "username" : "member", + "firstName" : "Abraham", + "lastName" : " Woodard", + "email" : "member@member.com", + "emailVerified" : true, + "createdTimestamp" : 1700823629490, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "ff106929-7d3a-4c28-a5ee-8defab68dc17", + "type" : "password", + "createdDate" : 1718165823429, + "secretData" : "{\"value\":\"mmsqTW5hLOXY41slfdlOwwT7O8Tj8yXkdi04a83jvH363IkFSKgykC6WT6iprtcVBZy6eBQIYfroXGxfyDm3ZQ==\",\"salt\":\"lCHJ0hW7qH+XxTdmUDiZAg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pitc_okr_staging", "org_mobility" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "pitc", + "roles" : [ "org_gl", "org_bl", "offline_access", "org_azubi", "default-roles-pitc_okr_staging", "uma_authorization", "org_mobility" ] + }, { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "d21323ce-46e9-4a10-ba1a-c58c8f1e088c", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/pitc/account/", + "surrogateAuthRequired" : false, + "enabled" : 
true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/pitc/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "577ef857-c6d4-4561-94f2-dd8dd1e7b86d", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/pitc_okr_staging/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/pitc_okr_staging/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "d3070834-c98d-4c56-9f29-273a9f7dc7a4", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + 
"defaultClientScopes" : [ "web-origins", "acr", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "cc837e05-bf8f-4529-9aa4-1b6df6bfbede", + "clientId" : "acme_okr_staging", + "name" : "OKR-Tool-Staging - Acme", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "http://acme.okr.localhost:4200/*", "https://acme.okr-stag.ocp.cloudscale.puzzle.ch/auth/keycloakopenid/callback*", "https://okr-stag.ocp.cloudscale.puzzle.ch/auth/keycloakopenid/callback*", "http://acme.okr.localhost:8080:/*", "https://okr-stag.ocp.cloudscale.puzzle.ch:*", "http://acme.okr.localhost:8080/*", "https://acme.okr-stag.ocp.cloudscale.puzzle.ch:*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "frontchannel.logout.url" : "https://okr.ocp-internal.cloudscale.puzzle.ch", + "post.logout.redirect.uris" : "http://acme.okr.localhost:4200/*##https://okr-stag.ocp.cloudscale.puzzle.ch:*##http://acme.okr.localhost:8080/*##http://acme.okr.localhost:8080:/*", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "use.refresh.tokens" : "true", + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "false", + "client_credentials.use_refresh_token" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "require.pushed.authorization.requests" : "false", + "acr.loa.map" : "{}", + "display.on.consent.screen" : "false", + 
"token.response.type.bearer.lower-case" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "client_acme", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "acf762e9-719e-466d-9ef5-956eed3cfa5a", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "25604a69-806e-4351-84ce-cc288e714d9c", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + 
"fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "6b3dc034-2a41-4230-a27d-493833919a5a", + "clientId" : "pitc_okr_staging", + "name" : "OKR-Tool-Staging - PITC", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "https://okr-stag.ocp.cloudscale.puzzle.ch/auth/keycloakopenid/callback*", "http://pitc.okr.localhost:4200/*", "https://okr-stag.ocp.cloudscale.puzzle.ch:*", "http://pitc.okr.localhost:8080/*", "https://pitc.okr-stag.ocp.cloudscale.puzzle.ch:*", "https://pitc.okr-stag.ocp.cloudscale.puzzle.ch/auth/keycloakopenid/callback*", "http://pitc.okr.localhost:8080:/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "frontchannel.logout.url" : "https://okr.ocp-internal.cloudscale.puzzle.ch", + "post.logout.redirect.uris" : "http://pitc.okr.localhost:4200/*##https://okr-stag.ocp.cloudscale.puzzle.ch:*##http://pitc.okr.localhost:8080/*##http://pitc.okr.localhost:8080:/*", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "use.refresh.tokens" : "true", + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "false", + "client_credentials.use_refresh_token" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "require.pushed.authorization.requests" : "false", + "acr.loa.map" : "{}", + 
"display.on.consent.screen" : "false", + "token.response.type.bearer.lower-case" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "pitc", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "f5757601-9812-4aec-8585-f91b79eb3c6e", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "5ca5c001-3711-4811-b98a-7deb75497f5d", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/pitc/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/pitc/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + 
"frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "89fe5321-673c-4b04-9983-781432d79a30", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "705ad3ff-5d11-4b80-ae54-1e58f40be825", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "40d11fc9-9e90-436a-a737-0ef68ecb09ca", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "180565c2-6598-46ba-ae99-b3bfb40c7f0e", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : 
"email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "25d825b0-9567-4942-8e9b-4d061bc50825", + "name" : "pitc", + "description" : "", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "gui.order" : "", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "76b7042a-f8ed-47e6-a282-6451e953187d", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "false", + "user.attribute" : "foo", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "pitc.roles", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "c851f7fc-e969-482a-8225-c285a448012c", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "9ba260e1-f22e-4451-9c16-6e5cda491023", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "b6890e43-9679-4036-8187-372459fc274e", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { 
+ "id" : "b97db7aa-ad6b-4e42-bc27-4b53a52e76a9", + "name" : "client_acme", + "description" : "Maps claim tenant to acme ", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "gui.order" : "", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "ad4696ac-59cc-41ab-b90b-cab8a07e03f9", + "name" : "Tenant ACME claim mapper", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-hardcoded-claim-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "claim.value" : "acme", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "tenant", + "jsonType.label" : "String", + "access.tokenResponse.claim" : "false" + } + } ] + }, { + "id" : "9dcb6931-c86a-45c1-94d1-62110e58a64d", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "bfaecd30-a8c8-4b13-b940-4b60a9048f71", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "e3015444-a867-4daf-a02e-384bf12e1a46", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "1e71985c-dd3f-41e2-9b38-b5e1d2185c0f", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : 
"cb4d4396-070d-4512-93f6-0dd999644bc1", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "58c5a94e-3f63-49d4-b57a-3ed45087c03b", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "a940ae28-1090-4660-84e2-a4396485aba2", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "c5c938a2-7ddd-4b96-8806-db7aaaf1883e", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "801d2478-da8e-4b8e-8125-de57e8952d21", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : 
"26df33bb-d365-49eb-ae05-5c26d2da824c", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "077f8ae6-5c99-4888-b8cc-bd529795dd9a", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "645b1072-ec42-4d71-90ca-a2ba00f057ca", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "ae5aab45-5e3a-4856-b301-8c2a16a35368", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "70dcf380-a212-45e6-8bfa-a89590e8b824", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "84cf501f-192b-4c34-baa2-a01e38d0d102", + "name" : "middle name", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "fe02f8c6-5957-49d1-846c-17ae34f686ab", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "1f58896d-5cad-4226-8a96-cb9b772be039", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "697388d3-7e68-428e-af22-ec749d6dbeb1", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "f5159dc2-4d3a-4daf-bc5e-1c8c4d349ddf", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + } ] + }, { + "id" : 
"95edb5a7-a039-4fa8-9bd8-6cf1c0004ff1", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "462051d5-029e-4fd2-9369-8f543415efe3", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "edecee36-099c-4cb5-9f28-5c81c4213919", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "515536ae-261d-4a86-9021-7ad57ee9d1c7", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "e4306684-bbdc-491d-85ac-a27a76c575a4", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + 
} ] + }, { + "id" : "044ae227-c291-48a6-9511-c865657d8d29", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "0e0a238c-0cea-4f62-a278-b4af1aedeb0f", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "70411dc1-c84c-4daa-b0f7-58e66a0a644a", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "profile", "email", "web-origins", "acr", "pitc" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt", "client_acme" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "e17e98d3-eb1f-4ce4-9c3c-009b29e3ac06", + "name" : "Max Clients 
Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "825d03dd-56f9-4516-bdf4-0d429f410c96", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-user-attribute-mapper" ] + } + }, { + "id" : "ca3537dd-70b8-4077-9718-60844c658ce3", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "27924afa-35e7-4701-9f02-fc97aa85a357", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "aed582be-e3d4-4eeb-a108-951ad8807971", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper" ] + } + }, { + "id" : "4a22bcac-2e91-4e73-a063-9d888cc46cdb", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "e49dea0a-880b-4cfd-a266-b7fe6dc2acf0", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : 
"anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "e00bdb9f-8495-4d78-98e7-57ead89f9bb2", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "9fe82fb7-4892-48d5-8906-3d58a9a05d1e", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { + "kc.user.profile.config" : [ "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "17a2a313-2090-4fff-8fd6-317332409c1f", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + 
"subComponents" : { }, + "config" : { + "kid" : [ "6d19e270-2542-45fe-8c9a-8de7aca6733e" ], + "secret" : [ "BNBwMZzkG4gOqzG0LOS4DpdBOlqEXUTAqafLLEHohL5cbYH38JKadCaC73RdW1xp3bH2TTkvN6wx4qf8UjnrtCaHwtRM7TjfQ3sTkluBnLwv64EdLIk-_6r3VgSo_3Jk05ynW4YWlpf1dHRTCfzUP9nyxyUg3l1QO_mwMdOkjfw" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + }, { + "id" : "4b17c76a-249a-4397-b0b9-eff96aedb59d", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEogIBAAKCAQEArd+npXyqpHCm+BR2IlNalnaHF4Y47YcSuFvureWAvZU/R/Ys/vbxi5M9CbbpaOFK6vih7HydjB0MAL8yfXQ+8VgUlOIcxlD3ELqyf21102zGpWlVSBc6WaRms+yZbVrfd9w93zNDEKuezqleJ/Umg0P7YF6vVPzn2aNlQ2B1OEebHIYrUjUuIE9MlrdFrm+VtpZRoZbNdjjMu+TGSTzyR0G27RNNsg8+5pSd4J3NxVui85vBL3dqM8fzIGxR/GAFQswosMyh9j+8TTQsk5PHjR+nUmYdo2FuZeO1uWcOP9303gpcZGL6I9mL+pbcy8DmlQ5o4AeGr72N8xqLrTrccwIDAQABAoIBADMuIW/x6VzsGAnwI/HorUKa8xr2lG0+lEEWNoSTiLjFZNIu4YHPeLxIA/CHGd+YaXAO7cLpz4o9xpm1rgwFmr152t0UTboGfSM8gWxG8Sbh3vszrTnCNJfMb7rIi0UIOb1TZBb+ROB0VBOrAR8r50E+UpFEbcHLjAehNB6IFxkQZlSLX+B40HUPXK00aUek75HiU/V6eEWXjVYvLPVkWPe+akEwmyGM/84TDATnC1R9BEz7jJRodTq6gGXxdG1kwUkapKMIw0J7deJVw4ZWtvjVrAcPEbUBx6aNocqohQlZyYv/IooPZqbTakz9TgkEfb/ujK+SYFfOzRfK0muCmIkCgYEA4hDGhZXpaIac0kCCV7zqbs7MJNdbw6u4674YblRI+LRdtPFWIrn+RzSqE1RdLXK4AmbIVnpOhjM//T8SJVCX9nRo6HPSOSBA5Nkwqn3lMBgWO0atfACnpuwx9wCYE+Oep+TDq5Mpjo5LYVasObkOUxjH25eiCpugjRGEJUSilmUCgYEAxOWqmEtr94aCscy16WQUuNRc+YCWV5hCjqATWg8vQy8GiZX/EIg/cv1Y6QHrqnRQn5TUdS24nUFBLJ1sPnEwqOC6d7nml8UsGiqX0gZCMc/FgXsqQYe2whHjoyRf4cWd65W5vP84bcVT+Vk49XOeK1Vc2e5lPzfIReSTEPt8LfcCgYB2nLqsyJVo5IhPwM0i39pZPWPbSKu7JNSnzFvhN5P5+hjYoW/CVLhYAAfkkHU7LV/i0q72wMGGpElExNzuezTgeP+6R1rb4lJqQJLKQbgI3fp8K39G+sj8Sh2FLeidNua9zMfltBcv1vUyI1nGB5S+gNgMHalFy5YXrkMZksOECQKBgBmWk04JdzWK2I9MwFNde0ft6UtPh7pIglXQvdMVaBn+EYZt5OD8I+rIu/ZEFqFnTlb+24GC+JwPL+4hY0DWKvG3iuQmV65fpHSeFm7n+1BH5S4HmJ09iuW7t26rOn631OcZ5TKHpIi3fUtJahqT9PlCtbdowOWvVSqoIuixFhlPAoGAQargo95lMYotXHNDA2ZZIvREiS97M89qxfRx+2xDZFYd52FqlJhM+0JL
IwA+/0wU06zRQ8/jC0enfy0BHueb2X0GYvi/fMt56O5VKr0BurvZlg79jjsTk7clIw0L/FNHzVaq+sSPm9XSvfkLtznLW8znDq/NrAof6b0RasTQHKE=" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "1c92da1a-c6d9-4444-8cbe-7f088b3d5212", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "eb53c778-a508-4595-b24c-9cbfca0176c6" ], + "secret" : [ "out3fYJ86O16kiPhVKpoKsz7ZNEj9tQ4P2uas6e19pjmw8iqT5KJ5Adeh3enLxjPPQ503FL8zvlL-EUrSv_xQUmxKctPanqH6wYxd5KvrEPe-GqGBsa-vmjqPGtpk2TJplRnJnO7x3t_AZxG-YoI9Cahnr_lMZ3HYNODgMLMbRE" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "c622e2d0-6459-4454-baee-c6277ba285ce", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEowIBAAKCAQEAuyM866bM96xJmLvXMKfks2qJ++17WhnE2QgPcVGmAif0l+pNcrciQitubhIi4t1WSPPKzmmHdtCRy4i67nZVE7LobE9PLy7YKTJkBeXsaMGZxJ4YQ33ACvcNrDzj957ypexyFaQUmlM4SjDdaIUjhjgR3kkEI5vAqR5Mb0eBlmzN3jvVe7JN7s6mohOXG7+VrIuHlSH1/kbz8jtu+YHCFNFF5uLS/m6Bjg6QAOF4KLxgyxg6dGclPC7RkbuVWHhbd+kF00z5XpOCGbJ3MVgR5JmV+/Nhp9qpwa6InkqLWeFCcwzO+hdJ0Ts+R5LzTuqynEDnqvA8N8U18HoHuSFMKQIDAQABAoIBAAeDN9e/fbNp2JdaX3O3TRZ5Tf0IaNHCXqf2UNVkJAQ/5EvhdswRR0gtVsIciwc9FWYkGFsOkDxAOFbPCu8WCR67dCUd+XWGfZxzcWHDEVQCxVMn+XIjLG2cQvxMQlFvZs8WVbL3SsbyapGgPNE3JWi8MUEcK1+pFJQi0IoimR89C82GWsFdnlmLg7pFz5xB+zMtBbEf/HDnAr14Y82+18Qtuxd4YNPtdslYJordLMRaYT4oTmxuRku91g0msjnIvRX3tnXWDWeezayhb9iXc+1waUM2zOr6rmqIHoj6Ao5dhCdULbtB6gfiG2/fwcAkR08lySV6rmcOzlNVWyyStzECgYEA3gWtwzuWWbdwaZDOt/6ppB8LPRnIC6pXmPBvR+ljzxt0yVQHCuAiFIQeUtGRGZJ/zNeDOY+QSbu3SkAW0xR6VHU+exl4gh+r3ffsjt+fn+YBNWWtOMbZ9mov30XaHCBo1uESwvVG1PknyOgfIJu7tNKcHKJcgxysTX0WLyjWD9kCgYEA18bc6oqjqZn4L5I3TAeLYl1A9aflBQtY/gtEjwB0Ay5Xz17+s2APIOnytwwX7NIe04sfX2BWhnUdPUwEN4eb8UR4fqGZq9+1zCNRsINhepqrK2kyRtp7XXrFkY7HTGoR+ocCjyQHwdvYYXKmoaYbC4O6/XeoMlJySb6Cr6qzvNECgYBcf7EtLZ4uMqa61IHLVmYG4ogkJKGbe
pSUO1ehdjMHDkFRv5hPh6GrOoAHsRfqt4ZXKVKaoJ1Umsh6PslDl7x/g3lMgAgc7mUETU5ZGAHA9Gp8fKf2h6I3b3YSZ1+/aCFFpO/UGaww/rz8jvio9Tj21OgFZf91AHUos3ySmUjVwQKBgB0NcYFC2XZkfL4q+bcK7QF5fN2WlYdwV7Mc4UY/0V78RmZta+3K6T6NQVjUEASa5fulp7u3xO6lpiIysf6oC58YkQC70W0K2fd6ae1SQzW2zYUyzMotcJ7NgPxwNPVc8r7Ant+XAlRfvWqhfT4Wl12dhvfJvKPJ5gl31TDB0yGBAoGBAKXMYUn3OZfTfzu7F2h1EFWrN+s2mnxYQIPvIvboNfYz12hkyW64pc/il04LUvzs3PQdLr0Lpfl5QP1E5IZI1gU+6nstNSjm91ZY1tKjYciC048IVawwNPhJD8lCLMeyQclhjTOm85JA5r4gCksK8Mx9E46CoiNOT4ZjDzMkaYej" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "966cbb2f-8ebb-423f-8311-77f75704abea", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "dddaa59a-efed-42d5-a9cb-e8c1a374f8de" ], + "secret" : [ "RJZXkGFbuAtA6vkcT6OKYw" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "76ccd78f-6481-4cef-9d09-efcbb1bf8d5e", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "f4eff540-099a-40f7-bdc8-4137f7099796", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : 
"conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "f44d4ab5-8ab8-4e00-8d13-b7f32a96951b", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "41e00a6d-5768-445d-9705-18219ea77266", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "05fe1a21-fa8c-4485-a429-7108a96fa4b1", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : 
false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "93a29c80-fd7d-43e4-b29a-a067bd36ac09", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "e37ecd7c-7cab-4b17-8436-d43e40136e42", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "8be1fe46-6069-45d3-8806-255b408214f9", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of 
existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "465bc00b-c86e-42aa-9cbd-8d136389a800", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "da1677a9-9fe5-4d48-bc7d-87e8a14317b2", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + 
"requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "eb28b4a6-d3e2-4c7d-aba5-603618a2080c", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "184ee903-a00f-462f-9f23-24b6905e50c2", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "06264f3c-9a18-4395-863c-32d7cf75178a", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet 
linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "8a302a30-c1ce-4628-a953-05eae840e919", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "89dc879d-926a-4118-a55d-069178987489", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "94dcf858-7176-4c9b-af69-fb046ebac202", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : 
"REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "0626b26e-3282-4670-b97b-25664490ce52", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "acb17cf5-08ce-4025-b240-4607989b07c2", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + 
"authenticatorConfig" : [ { + "id" : "47bdcb07-ee72-4f0b-896c-f99fcd4ab91b", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "06ce8406-cd9e-49cf-9d1f-8c2d9462ba02", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "delete_credential", + "name" : "Delete Credential", + 
"providerId" : "delete_credential", + "enabled" : true, + "defaultAction" : false, + "priority" : 100, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaAuthRequestedUserHint" : "login_hint", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false", + "cibaExpiresIn" : "120", + "oauth2DeviceCodeLifespan" : "600", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "frontendUrl" : "", + "acr.loa.map" : "{}" + }, + "keycloakVersion" : "24.0.3", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +}, { + "id" : "e2e1949a-0752-479d-927a-81bbdb312d35", + "realm" : "master", + "displayName" : "Keycloak", + "displayNameHtml" : "
Keycloak
", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 60, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "8dd41a5d-28a3-45dc-9ba4-8905677bef94", + "name" : "create-realm", + "description" : "${role_create-realm}", + "composite" : false, + "clientRole" : false, + "containerId" : "e2e1949a-0752-479d-927a-81bbdb312d35", + "attributes" : { } + }, { + "id" : "10d82d8a-0510-49d8-bc3d-51817d676f2b", + "name" : "admin", + "description" : "${role_admin}", + "composite" : true, + "composites" : { + "realm" : [ "create-realm" ], + "client" : { + "master-realm" : [ 
"manage-events", "view-identity-providers", "query-clients", "create-client", "query-users", "view-clients", "view-events", "manage-authorization", "impersonation", "query-groups", "view-authorization", "manage-realm", "manage-users", "manage-identity-providers", "view-users", "query-realms", "manage-clients", "view-realm" ], + "pitc-realm" : [ "manage-realm", "manage-clients", "query-users", "manage-events", "view-clients", "view-authorization", "impersonation", "query-realms", "view-users", "query-clients", "manage-authorization", "query-groups", "create-client", "manage-users", "view-realm", "view-identity-providers", "manage-identity-providers", "view-events" ] + } + }, + "clientRole" : false, + "containerId" : "e2e1949a-0752-479d-927a-81bbdb312d35", + "attributes" : { } + }, { + "id" : "28e62091-72cf-43f8-976d-c7a5d2675f24", + "name" : "default-roles-master", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "e2e1949a-0752-479d-927a-81bbdb312d35", + "attributes" : { } + }, { + "id" : "12c2def0-6f5e-4cb1-947b-eef42975a1f0", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "e2e1949a-0752-479d-927a-81bbdb312d35", + "attributes" : { } + }, { + "id" : "be9441e5-482e-4d50-ba1a-3875899888ce", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "e2e1949a-0752-479d-927a-81bbdb312d35", + "attributes" : { } + } ], + "client" : { + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "b8262960-9315-4f31-ad91-7ca92cc8f659", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + 
"containerId" : "1462d1e6-fa83-4e8e-a90b-d3e549bd9088", + "attributes" : { } + } ], + "master-realm" : [ { + "id" : "321f4c3d-48e8-4cbd-952f-5fd6e51b0021", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "4262635e-5615-4268-810f-f30df1b7cff4", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "e228a5ea-0115-4402-86ea-c97cc3060f00", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "fdf1f416-dc37-494d-86ad-a4116e020615", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "d13d3823-d244-4d48-9030-641581a0e9b2", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "master-realm" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "eb51b998-97c8-4b1d-8639-f757579b9e3e", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "3c38a1c3-25ba-4e43-a409-eb23f5aefa64", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, 
{ + "id" : "28ecb591-9ab1-4ed6-a90e-98122606acef", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "3eb17b06-c352-4fc7-a1d4-01526730c35d", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "d739b0aa-096d-4fc7-aab6-935a29b71a25", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "master-realm" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "4334ff64-4467-4adc-92dd-7c2b5c554747", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "cbf69ce9-cb56-4dde-bf92-9f80201ab71d", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "008a524b-39d2-4449-9ce3-2692c9b860da", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "8305c4f8-a2dc-477c-857c-3bc143376606", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "84a207b5-4ecd-42a8-a0cf-1b32c0c82358", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + 
"clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "83a37b1f-b670-4de8-bb1c-c63b385d0ead", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "b613a1dc-788c-417c-b891-7e125e93a3c8", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + }, { + "id" : "e9a9a41d-215a-4705-80b2-51a1fad735c5", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "attributes" : { } + } ], + "account" : [ { + "id" : "2d67ae7b-6019-45a6-9151-003e7b4ad1b7", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "1ac791da-74b2-402a-ae1a-e048ab288480", + "attributes" : { } + }, { + "id" : "3ab95180-39fc-4b3d-8922-f3cb05746c49", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "1ac791da-74b2-402a-ae1a-e048ab288480", + "attributes" : { } + }, { + "id" : "44fa7eea-1c7f-442d-9006-6c31052571d9", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "1ac791da-74b2-402a-ae1a-e048ab288480", + "attributes" : { } + }, { + "id" : "42f68105-0db5-45a0-b8f6-eb51d5b6c3e9", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "1ac791da-74b2-402a-ae1a-e048ab288480", + "attributes" : { } + }, { + "id" : "36b734fa-fc3a-4dc4-a667-f1ebe501671b", + "name" : "view-consent", + "description" : 
"${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "1ac791da-74b2-402a-ae1a-e048ab288480", + "attributes" : { } + }, { + "id" : "0f5859aa-6b92-4e46-b29a-17a1cddc7d64", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "1ac791da-74b2-402a-ae1a-e048ab288480", + "attributes" : { } + }, { + "id" : "f32a079f-a8bb-4bac-86f7-9321bf0c13de", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "1ac791da-74b2-402a-ae1a-e048ab288480", + "attributes" : { } + }, { + "id" : "d9f981c0-5678-41b8-bdfb-ee42b62bf024", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "1ac791da-74b2-402a-ae1a-e048ab288480", + "attributes" : { } + } ], + "pitc-realm" : [ { + "id" : "74aa0cf6-2c48-4dfe-b6e8-42ac16e3266e", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "c7bab882-4234-469e-aac0-607cb5f12b37", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "pitc-realm" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "f564e875-2168-4479-945b-762df3a39362", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "489243fb-0454-495e-b326-4ea997a2fc56", + 
"name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "5baac8c0-9c2d-4d9f-9eab-28507de724f6", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "5c5aa27f-7fbf-456a-89ce-800fc5dbbc80", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "0710ddbc-a2d5-4a2f-81e5-508389fc45ca", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "d0c91c91-09df-4775-bbd2-9e6981ce29e1", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "5d040497-d8fb-4d83-83dc-af3d342bec46", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "ad12243e-1dab-47a4-94d8-c12a20f82ab9", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "d8f48f33-aff5-4868-8ff9-6e46f9f2d378", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : 
"dd8409ea-916b-4ac7-b50e-c0a4995930ea", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "pitc-realm" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "97282d4f-1c69-410f-b800-5de113fe9212", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "569e1e96-f4a7-4379-8d46-c189db5f2ef3", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "42e4d752-dcb6-4771-96a3-4d3de003d035", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "c512d332-ee06-4ab9-93a5-f07499bc003e", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "108a5683-f09e-4df6-a403-5936dc4314c5", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + }, { + "id" : "eb833939-b33f-4bd2-85eb-8bb8609ce537", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "28e62091-72cf-43f8-976d-c7a5d2675f24", + "name" : 
"default-roles-master", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "e2e1949a-0752-479d-927a-81bbdb312d35" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "users" : [ { + "id" : "eabaa39a-f8e7-4c2d-ae1f-66accaf4bd48", + "username" : "admin", + "emailVerified" : false, + "createdTimestamp" : 1718165824319, + "enabled" : true, + 
"totp" : false, + "credentials" : [ { + "id" : "80d82cdf-142b-4f5a-91b9-8326ca80978f", + "type" : "password", + "createdDate" : 1718165824498, + "secretData" : "{\"value\":\"7+fj0mJHeGx9Z3sQ2EBZwGuqbYECKoeMWkV2iWALg/5zAq8gJbIR+UzTuZs19R1T0oQ9uWuPLk5/3r+g3HSQEg==\",\"salt\":\"dMbHxkkdJ1EBbUotbeTzcw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "admin", "default-roles-master" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "1ac791da-74b2-402a-ae1a-e048ab288480", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/master/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/master/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "fd4dd7ac-a7f4-421a-9369-137f5f99b9a6", + "clientId" : "account-console", + 
"name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/master/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/master/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "0e7e1a54-8bd2-4898-a201-74a14ac6c061", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "71d440c4-490c-475e-82bc-2ff89f856b8e", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + 
"defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "1462d1e6-fa83-4e8e-a90b-d3e549bd9088", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "debb544f-fc9e-4630-874f-32ac5282ebd9", + "clientId" : "master-realm", + "name" : "master Realm", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "5cbfb9ea-c304-4fc1-a300-e4b02ae79399", + 
"clientId" : "pitc-realm", + "name" : "pitc Realm", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ ], + "optionalClientScopes" : [ ] + }, { + "id" : "e84615dc-6c2b-4236-ac23-1500f2a8ace5", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/master/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/master/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "6c24534c-d1f6-4f41-bfd5-2351e2b76245", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" 
: "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "d54480a2-e794-4e90-989e-ff36704c1c73", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "54e31279-ef91-4bf7-9e00-51ce8a326b46", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "ce23013d-4062-4b92-bc98-e3d8dbbd8c06", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "490e59f9-72be-4dce-ad6e-929151c7cf97", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "fc5d832a-5a01-4a7b-8d41-d3bd39bebf41", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : 
"e19981d5-f59c-4da2-92c4-d7a7fe25f3d7", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "5de0f3ab-e9d1-4850-8b47-ddcf9ab56206", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "7311de8a-1818-4a4e-a899-676db48b428e", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "39efd72a-7bf3-46a0-95d3-bd0306362ec8", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + }, { + "id" : "50d606c9-893f-424c-abcc-51909541d992", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + 
"jsonType.label" : "String" + } + }, { + "id" : "b71ade96-4f7e-4020-b316-ddea754a382d", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "e972d82f-089e-4c1f-ba35-52ff7914d90b", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "26eb2810-b963-4003-9927-9e7593f13729", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "0b6b6e9f-2b24-4a6f-ae6d-ec754f26ada5", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "96c3cd82-2d1f-4932-b681-87d2c76e3b5c", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + 
} + }, { + "id" : "a4a40b7e-223b-45b3-a21f-46ccc5b57724", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "93034cdb-6f2c-4976-a316-758f2a092cae", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "bcce030e-d2af-441f-a8f9-df53480b7c4b", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "a1916ba1-1f10-4fe8-824c-9919c0bf18f0", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "0bdecdf4-247c-4921-9022-b80a79369089", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + 
"introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "c394d12f-663f-4d2a-8af8-eb4488361c6c", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "556586df-22e2-48bf-a32e-da8708869b59", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "26a8b92e-f80c-4a6d-9f63-a3476fad4139", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "0ccd5cee-d387-461e-8a54-34532736179d", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "1c7d7cd0-eae9-44c8-b32c-4cf6130e30c0", + "name" : "username", + 
"protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "a0e67a17-221b-4dbf-be6b-aa2bd8ee6aae", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "b15aa3f1-f2ef-4631-a94d-4ec956813c9c", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "732ab2b7-50ba-49e4-a742-52be7bf7e52a", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "ff1d92e5-2caa-4272-92a1-99cb6daf43e8", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "e9d36909-9d05-49e7-a4af-494acd3232ff", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" 
: "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "ae7cc45c-ca9f-4f19-a5c0-893f164343f8", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "introspection.token.claim" : "true", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "f59e5af2-3cd8-4678-a425-57b42c4372c7", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "4684b5fd-ac23-43c1-b699-706b54320221", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "2b7b469f-f810-4d36-864f-a1c6f2302783", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : 
"de1c94e3-ff70-4159-9ac4-d4c7cfd52ed8", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "aac5def9-9086-4ee5-bbc3-61da0c12a521", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "0db38439-e4b9-4c5d-8349-5703f63d627e", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "xXSSProtection" : "1; mode=block", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + 
"adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "796e2b4f-d7e2-485b-9dfe-faa7484b681f", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "8a9bf3aa-29c9-4be9-9948-66cc1905a1ad", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "21cd24cf-c834-44b7-beab-94c525cc2bb1", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "a989db42-df3b-425f-97fb-c0a010188b53", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "d81d46d3-ff37-49c7-af02-4d56acfbfa71", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "8c4dbd46-ddd1-4f5c-b0c5-5f4e6bac3915", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "c71c3bb0-6c41-4ead-952f-20d19e74173a", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + 
"subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "cf889392-43a9-456d-933e-dc24c610199c", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper" ] + } + } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "a8bf47a7-e652-48c5-a1f2-eed89ae672ef", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { + "kc.user.profile.config" : [ "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : 
"5d62717f-37e8-4b99-9251-1bfe0c017921", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "184e1041-7d4f-48f9-a504-aa1ab2449575" ], + "secret" : [ "1tMgHX9S-wgOD-ZNFlizUlAHENDFepx1-Qyrnxtm1e4AfjYEEzNvGtk-oQ0jv9yAiDt54PEGZzOPKgsENhS5RGPplWJkfaO5lnrFZCSEc2Hwi-3ySOiN2pF2ucKGrjqfs4g-u38BiIkxB7afYISEsp-udOz7IOko3sdSx89JNik" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + }, { + "id" : "bee85c4a-9df9-4711-9336-6e9d9b127184", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "8aa4dae3-02c9-4059-af3b-ac6888fc9cc5", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "d2660eb1-263d-4ca2-8e32-64af629481be" ], + "secret" : [ "HV4ttmTBG53Y6fvmbLFldA" ], + "priority" : [ "100" ] + } + }, { + "id" : "7eebd2ce-0822-4ed9-ab4d-b4d11ea55597", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "9122fc4f-1cfd-40a4-9276-5d313553d5f3", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : 
"ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "e7ea5207-4390-4137-8f88-9f0b51ccaa02", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "0d53a3b8-d922-4c42-9b4c-44c0b22f2ee8", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "3bb84308-a019-4bbb-b2f7-d3b06a7eeb09", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : 
"conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "7f4abf51-1e1c-4daa-b7bd-7378b2514f90", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "583e8fa9-0703-4a0b-9c5d-9e2e5cc7e4f3", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "a95fab1f-d322-4e0c-a92e-dd8ddb45b27e", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "95adf8e8-1485-406b-98fc-c5f3753e50d6", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "79d2f376-8f4a-4e92-b68b-9d60764b6caf", + "alias" : "browser", + 
"description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "1e72d797-4af1-4428-a368-122468da8fec", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "2f3f9ca8-452f-4b22-a5e5-2ce95349d635", + "alias" : "direct grant", + "description" : "OpenID Connect 
Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "8842968f-92e2-4778-8cf1-54f5f5c681d1", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "db75dcf7-cbbf-4e97-b5c3-2c442c7c308f", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : 
"5aa9f338-f902-4939-99dc-9b210652525c", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "475d6898-5eed-481f-938d-8daba429653b", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "f4fc7a41-df12-4619-8aa7-10edcd40541c", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-terms-and-conditions", + "authenticatorFlow" : false, + 
"requirement" : "DISABLED", + "priority" : 70, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "7005ab71-88d5-4ec7-8824-2b7c269fda17", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "d43f81ec-484b-4b48-acfd-f2168b2988ba", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "421e4d3c-a47b-4dd9-9f4f-eec50b1dddb7", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "ae0a4ab6-a7e0-4817-bbaf-87403685e411", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + 
"alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "VERIFY_PROFILE", + "name" : "Verify Profile", + "providerId" : "VERIFY_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 90, + "config" : { } + }, { + "alias" : "delete_credential", + "name" : "Delete Credential", + "providerId" : "delete_credential", + "enabled" : true, + "defaultAction" : false, + "priority" : 100, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + 
"providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "parRequestUriLifespan" : "60", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false" + }, + "keycloakVersion" : "24.0.3", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} ] \ No newline at end of file From f1fb1285cc929e5a1a442ceac00d6d79199b1fa4 Mon Sep 17 00:00:00 2001 From: clean-coder Date: Fri, 14 Jun 2024 06:37:54 +0200 Subject: [PATCH 2/7] #943: minor code cleanup for readability --- .../puzzle/okr/security/TenantJwtIssuerValidator.java | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/backend/src/main/java/ch/puzzle/okr/security/TenantJwtIssuerValidator.java b/backend/src/main/java/ch/puzzle/okr/security/TenantJwtIssuerValidator.java index ff3d2b2788..1dadd96b3f 100644 --- a/backend/src/main/java/ch/puzzle/okr/security/TenantJwtIssuerValidator.java +++ b/backend/src/main/java/ch/puzzle/okr/security/TenantJwtIssuerValidator.java 
@@ -25,15 +25,12 @@ public TenantJwtIssuerValidator(TenantConfigProvider tenantConfigProvider, JwtHe @Override public OAuth2TokenValidatorResult validate(Jwt token) { - return this.validators.computeIfAbsent(toTenant(token), this::fromTenant) // - .validate(token); + String tenant = jwtHelper.getTenantFromToken(token); + JwtIssuerValidator validator = validators.computeIfAbsent(tenant, this::createValidatorForTenant); + return validator.validate(token); } - private String toTenant(Jwt jwt) { - return jwtHelper.getTenantFromToken(jwt); - } - - private JwtIssuerValidator fromTenant(String tenant) { + private JwtIssuerValidator createValidatorForTenant(String tenant) { return this.tenantConfigProvider.getTenantConfigById(tenant) // .map(TenantConfigProvider.TenantConfig::issuerUrl) // .map(this::createValidator) // From 3a783d554674d85a9853b4aa80fd706e2b22d5f5 Mon Sep 17 00:00:00 2001 From: clean-coder Date: Fri, 14 Jun 2024 06:41:39 +0200 Subject: [PATCH 3/7] #943: helper classes for getting tenant from Token/ClaimSet using tenant/iss claim --- .../okr/security/helper/ClaimHelper.java | 56 +++++++++++++++++++ .../okr/security/helper/JwtStatusLogger.java | 31 ++++++++++ .../okr/security/helper/TokenHelper.java | 44 +++++++++++++++ .../puzzle/okr/security/helper/UrlHelper.java | 9 +++ 4 files changed, 140 insertions(+) create mode 100644 backend/src/main/java/ch/puzzle/okr/security/helper/ClaimHelper.java create mode 100644 backend/src/main/java/ch/puzzle/okr/security/helper/JwtStatusLogger.java create mode 100644 backend/src/main/java/ch/puzzle/okr/security/helper/TokenHelper.java create mode 100644 backend/src/main/java/ch/puzzle/okr/security/helper/UrlHelper.java diff --git a/backend/src/main/java/ch/puzzle/okr/security/helper/ClaimHelper.java b/backend/src/main/java/ch/puzzle/okr/security/helper/ClaimHelper.java new file mode 100644 index 0000000000..01a1f44608 --- /dev/null +++ b/backend/src/main/java/ch/puzzle/okr/security/helper/ClaimHelper.java 
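Review bot: `validate` has no comment saying that tenant resolution can throw instead of producing a failure result, and after this cleanup it reads as if it always returns an `OAuth2TokenValidatorResult`. Judging by the `orElseThrow` in `JwtHelper` visible later in this series, `jwtHelper.getTenantFromToken(token)` raises `EntityNotFoundException` for a tenant that is not configured. I would add a Javadoc line such as `/** Picks the issuer validator for the token's tenant; an unknown tenant propagates as an exception from JwtHelper. */`. The body of `createValidatorForTenant` continues outside the hunk and still uses `this.tenantConfigProvider`, while the new `validate` drops the `this.` qualifier, so one convention should be picked.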
@@ -0,0 +1,56 @@
+package ch.puzzle.okr.security.helper;
+
+import com.nimbusds.jwt.JWTClaimsSet;
+
+import java.text.ParseException;
+import java.util.Optional;
+
+import static ch.puzzle.okr.security.JwtHelper.CLAIM_ISS;
+import static ch.puzzle.okr.security.JwtHelper.CLAIM_TENANT;
+import static ch.puzzle.okr.security.helper.JwtStatusLogger.logStatus;
+import static ch.puzzle.okr.security.helper.UrlHelper.extractTenantFromIssUrl;
+
+public class ClaimHelper {
+
+ public Optional getTenantFromClaimsSetUsingClaimTenant(JWTClaimsSet claimSet) {
+ try {
+ String tenant = getTenant(claimSet);
+ return Optional.ofNullable(tenant);
+ } catch (ParseException e) {
+ logStatus(CLAIM_TENANT, claimSet, e);
+ return Optional.empty();
+ }
+ }
+
+ private static String getTenant(JWTClaimsSet claimSet) throws ParseException {
+ String tenant = claimSet.getStringClaim(CLAIM_TENANT);
+ logStatus(CLAIM_TENANT, claimSet, tenant);
+ return tenant;
+ }
+
+ public Optional getTenantFromClaimsSetUsingClaimIss(JWTClaimsSet claimSet) {
+ try {
+ String issUrl = getIssUrl(claimSet);
+ if (issUrl == null) {
+ return Optional.empty();
+ }
+ return getTenant(claimSet, issUrl);
+ } catch (ParseException e) {
+ logStatus(CLAIM_ISS, claimSet, e);
+ return Optional.empty();
+ }
+ }
+
+ private static String getIssUrl(JWTClaimsSet claimSet) throws ParseException {
+ String issUrl = claimSet.getStringClaim(CLAIM_ISS);
+ logStatus(CLAIM_ISS, claimSet, issUrl);
+ return issUrl;
+ }
+
+ private static Optional getTenant(JWTClaimsSet claimSet, String issUrl) {
+ String tenant = extractTenantFromIssUrl(issUrl);
+ logStatus(CLAIM_ISS, claimSet, tenant);
+ return Optional.ofNullable(tenant);
+ }
+
+}
diff --git a/backend/src/main/java/ch/puzzle/okr/security/helper/JwtStatusLogger.java b/backend/src/main/java/ch/puzzle/okr/security/helper/JwtStatusLogger.java
new file mode 100644
index 0000000000..280e295b95
--- /dev/null
+++ b/backend/src/main/java/ch/puzzle/okr/security/helper/JwtStatusLogger.java
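Review bot: In `getTenantFromClaimsSetUsingClaimIss` and `getTenantFromClaimsSetUsingClaimTenant` a `ParseException` (claim present but not a string) is turned into `Optional.empty()`, which the caller cannot tell apart from an absent claim. For a helper that decides which tenant a token belongs to, that difference should be documented or surfaced. Either add a Javadoc line such as `/** Returns empty when the claim is missing, null, or not a string. */` on both methods, or let the malformed case reject the token. Both public methods are stateless, so they could be `static` like the private helpers they call.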
@@ -0,0 +1,31 @@
+package ch.puzzle.okr.security.helper;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.text.ParseException;
+
+public class JwtStatusLogger {
+
+ private static final Logger logger = LoggerFactory.getLogger(ClaimHelper.class);
+
+ public static void logStatus(String claim, Object context, String result) {
+ boolean isOk = result != null;
+ if (isOk) {
+ logger.info("Tenant: get claim '{}' from {}{}", claim, context.getClass().getSimpleName(),
+ statusToSymbol(isOk));
+ } else {
+ logger.warn("Tenant: get claim '{}' from {}{}", claim, context.getClass().getSimpleName(),
+ statusToSymbol(isOk));
+ }
+ }
+
+ public static void logStatus(String claim, Object context, ParseException e) {
+ logger.warn("Tenant: get claim '{}' from {}{}", claim, context.getClass().getSimpleName(),
+ statusToSymbol(false), e);
+ }
+
+ private static String statusToSymbol(boolean isOk) {
+ return isOk ? " | OK" : " | FAILED";
+ }
+}
diff --git a/backend/src/main/java/ch/puzzle/okr/security/helper/TokenHelper.java b/backend/src/main/java/ch/puzzle/okr/security/helper/TokenHelper.java
new file mode 100644
index 0000000000..ad1eaa4d89
--- /dev/null
+++ b/backend/src/main/java/ch/puzzle/okr/security/helper/TokenHelper.java
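Review bot: The logger is created with `LoggerFactory.getLogger(ClaimHelper.class)`, so every line written here, including those for `TokenHelper`, is attributed to `ClaimHelper`; it should be `LoggerFactory.getLogger(JwtStatusLogger.class)`. The success branch logs at INFO and the helpers call `logStatus` once or twice per lookup, so this will likely emit several INFO lines for every authenticated request; `logger.debug` fits the success case better. The messages contain only the claim name and the context class, never the claim value. A short comment stating that this is intentional would help keep token contents out of the log in later edits.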
@@ -0,0 +1,44 @@
+package ch.puzzle.okr.security.helper;
+
+import org.springframework.security.oauth2.jwt.Jwt;
+
+import java.util.Optional;
+
+import static ch.puzzle.okr.security.JwtHelper.CLAIM_ISS;
+import static ch.puzzle.okr.security.JwtHelper.CLAIM_TENANT;
+import static ch.puzzle.okr.security.helper.JwtStatusLogger.logStatus;
+import static ch.puzzle.okr.security.helper.UrlHelper.extractTenantFromIssUrl;
+
+public class TokenHelper {
+
+ public Optional getTenantFromTokenUsingClaimTenant(Jwt token) {
+ String tenant = getTenant(token);
+ return Optional.ofNullable(tenant);
+ }
+
+ private static String getTenant(Jwt token) {
+ String tenant = token.getClaimAsString(CLAIM_TENANT); // can return null
+ logStatus(CLAIM_TENANT, token, tenant);
+ return tenant;
+ }
+
+ public Optional getTenantFromTokenUsingClaimIss(Jwt token) {
+ String issUrl = getIssUrl(token);
+ if (issUrl == null) {
+ return Optional.empty();
+ }
+ return getTenant(token, issUrl);
+ }
+
+ private String getIssUrl(Jwt token) {
+ String issUrl = token.getClaimAsString(CLAIM_ISS); // can return null
+ logStatus(CLAIM_ISS, token, issUrl);
+ return issUrl;
+ }
+
+ private Optional getTenant(Jwt token, String issUrl) {
+ String tenant = extractTenantFromIssUrl(issUrl);
+ logStatus(CLAIM_ISS, token, tenant);
+ return Optional.ofNullable(tenant);
+ }
+}
diff --git a/backend/src/main/java/ch/puzzle/okr/security/helper/UrlHelper.java b/backend/src/main/java/ch/puzzle/okr/security/helper/UrlHelper.java
new file mode 100644
index 0000000000..b630b654d5
--- /dev/null
+++ b/backend/src/main/java/ch/puzzle/okr/security/helper/UrlHelper.java
@@ -0,0 +1,9 @@
+package ch.puzzle.okr.security.helper;
+
+public class UrlHelper {
+
+ public static String extractTenantFromIssUrl(String issUrl) {
+ String[] issUrlParts = issUrl.split("/");
+ return issUrlParts[issUrlParts.length - 1];
+ }
+}
From b90bcdf8fd920803258688510496d1fbff24c947 Mon Sep 17 00:00:00 2001
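Review bot: On the `iss` path `logStatus(CLAIM_ISS, token, …)` runs twice, once in `getIssUrl` and once in `getTenant(Jwt, String)`, and both calls produce the same text, so the log cannot show whether reading the claim or extracting the tenant failed. Giving the second call a distinct label would fix that; `ClaimHelper` has the same double call. `getTenant(Jwt)` is `static` while `getIssUrl` and `getTenant(Jwt, String)` are instance methods, although none of them uses instance state. Making all three `static` keeps the class consistent.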
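Review bot: `extractTenantFromIssUrl` throws `ArrayIndexOutOfBoundsException` when `issUrl` consists only of slashes, because `String.split("/")` drops trailing empty strings and returns an empty array, so `issUrlParts[issUrlParts.length - 1]` indexes -1. The value comes straight from the token's `iss` claim, so malformed input has to be expected. A guard such as `if (issUrlParts.length == 0) { return null; }` before the `return` lets the callers' `Optional.ofNullable(tenant)` map it to empty. The method also never checks that the input is a URL, so a string without any slash is returned unchanged as the tenant. A later patch in this series touches this file, but its content is not visible here.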
From: clean-coder Date: Fri, 14 Jun 2024 06:43:47 +0200 Subject: [PATCH 4/7] #943: use helper classes in JwtHelper --- .../ch/puzzle/okr/security/JwtHelper.java | 53 +++++++++++++++---- .../ch/puzzle/okr/security/JwtHelperTest.java | 2 + 2 files changed, 44 insertions(+), 11 deletions(-) diff --git a/backend/src/main/java/ch/puzzle/okr/security/JwtHelper.java b/backend/src/main/java/ch/puzzle/okr/security/JwtHelper.java index 0cf2100ce2..b9c9e62458 100644 --- a/backend/src/main/java/ch/puzzle/okr/security/JwtHelper.java +++ b/backend/src/main/java/ch/puzzle/okr/security/JwtHelper.java @@ -4,6 +4,8 @@ import ch.puzzle.okr.exception.OkrResponseStatusException; import ch.puzzle.okr.models.User; import ch.puzzle.okr.multitenancy.TenantConfigProvider; +import ch.puzzle.okr.security.helper.ClaimHelper; +import ch.puzzle.okr.security.helper.TokenHelper; import com.nimbusds.jwt.JWTClaimsSet; import jakarta.persistence.EntityNotFoundException; import org.slf4j.Logger; @@ -13,15 +15,16 @@ import org.springframework.stereotype.Component; import java.text.MessageFormat; -import java.text.ParseException; import java.util.Map; +import java.util.Optional; import static ch.puzzle.okr.Constants.USER; import static org.springframework.http.HttpStatus.BAD_REQUEST; @Component public class JwtHelper { - private static final String CLAIM_TENANT = "tenant"; + public static final String CLAIM_TENANT = "tenant"; + public static final String CLAIM_ISS = "iss"; private static final Logger logger = LoggerFactory.getLogger(JwtHelper.class); 
@@ -57,22 +60,50 @@ public User getUserFromJwt(Jwt token) { } public String getTenantFromToken(Jwt token) { - return getTenantOrThrow(token.getClaimAsString(CLAIM_TENANT)); + TokenHelper helper = new TokenHelper(); + + Optional tenantUsingClaimIss = helper.getTenantFromTokenUsingClaimIss(token); + if (tenantUsingClaimIss.isPresent()) { + return getMatchingTenantFromConfigOrThrow(tenantUsingClaimIss.get()); + } + + Optional tenantUsingClaimTenant = helper.getTenantFromTokenUsingClaimTenant(token); + if (tenantUsingClaimTenant.isPresent()) { + return getMatchingTenantFromConfigOrThrow(tenantUsingClaimTenant.get()); + } + + logErrorAndThrowException(CLAIM_TENANT, CLAIM_ISS); + return null; // only to make the compiler happy + } + + public String getTenantFromJWTClaimsSet(JWTClaimsSet claimSet) { + ClaimHelper helper = new ClaimHelper(); + + Optional tenantUsingClaimIss = helper.getTenantFromClaimsSetUsingClaimIss(claimSet); + if (tenantUsingClaimIss.isPresent()) { + return getMatchingTenantFromConfigOrThrow(tenantUsingClaimIss.get()); + } + + Optional tenantUsingClaimTenant = helper.getTenantFromClaimsSetUsingClaimTenant(claimSet); + if (tenantUsingClaimTenant.isPresent()) { + return getMatchingTenantFromConfigOrThrow(tenantUsingClaimTenant.get()); + } + + logErrorAndThrowException(CLAIM_TENANT, CLAIM_ISS); + return null; // only to make the compiler happy } - private String getTenantOrThrow(String tenant) { + private String getMatchingTenantFromConfigOrThrow(String tenant) { // Ensure we return only tenants for realms which really exist return this.tenantConfigProvider.getTenantConfigById(tenant) .orElseThrow(() -> new EntityNotFoundException(MessageFormat.format("Cannot find tenant {0}", tenant))) .tenantId(); } - public String getTenantFromJWTClaimsSet(JWTClaimsSet claimSet) { - try { - return this.getTenantOrThrow(claimSet.getStringClaim(CLAIM_TENANT)); - } catch (ParseException e) { - throw new RuntimeException("Missing `tenant` claim in JWT token!", e); - } - + 
private void logErrorAndThrowException(String tenant, String iss) throws RuntimeException { + String errorInfo = "* Missing `" + tenant + "` and '" + iss + "' claims in JWT token!"; + logger.error(errorInfo); + throw new RuntimeException(errorInfo); } + } \ No newline at end of file diff --git a/backend/src/test/java/ch/puzzle/okr/security/JwtHelperTest.java b/backend/src/test/java/ch/puzzle/okr/security/JwtHelperTest.java index bf4be53c9b..35f0367478 100644 --- a/backend/src/test/java/ch/puzzle/okr/security/JwtHelperTest.java +++ b/backend/src/test/java/ch/puzzle/okr/security/JwtHelperTest.java @@ -31,6 +31,7 @@ public class JwtHelperTest { private static final String TOKEN_CLAIMS_KEY_TENANT = "tenant"; private static final String PITC = "pitc"; + // ok @DisplayName("getUserFromJwt() extracts User data from Token") @Test void getUserFromJwtExtractsUserDataFromToken() { @@ -54,6 +55,7 @@ void getUserFromJwtExtractsUserDataFromToken() { assertEquals(EMAIL, userFromToken.getEmail()); } + // ok @DisplayName("getUserFromJwt() throws Exception if Token not contains User data") @Test void getUserFromJwtThrowsExceptionIfTokenNotContainsUserData() { From 1e53d4a52894b9e7419067d0553d84b5f3e8c60b Mon Sep 17 00:00:00 2001 From: clean-coder Date: Fri, 14 Jun 2024 09:26:19 +0200 Subject: [PATCH 5/7] #943: tests for helper classes --- .../okr/security/helper/ClaimHelperTest.java | 143 ++++++++++++++++++ .../okr/security/helper/TokenHelperTest.java | 114 ++++++++++++++ .../okr/security/helper/UrlHelperTest.java | 39 +++++ 3 files changed, 296 insertions(+) create mode 100644 backend/src/test/java/ch/puzzle/okr/security/helper/ClaimHelperTest.java create mode 100644 backend/src/test/java/ch/puzzle/okr/security/helper/TokenHelperTest.java create mode 100644 backend/src/test/java/ch/puzzle/okr/security/helper/UrlHelperTest.java 
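Review bot: In `getTenantFromToken` and `getTenantFromJWTClaimsSet` the `iss` claim now wins over the explicit `tenant` claim, and an `iss`-derived value that is not a configured tenant makes `getMatchingTenantFromConfigOrThrow` throw before the `tenant` claim is ever read. Issued tokens normally carry `iss`, so the `tenant` branch is reachable only when `iss` is missing or not a string, and a deployment whose realm name differs from its tenant id would stop working. If the `tenant` claim is meant to stay authoritative, it should be tried first. Only the last path segment of `iss` is used here, so this lookup must not be read as issuer verification; a comment saying the full issuer is checked elsewhere (presumably by `TenantJwtIssuerValidator`) would help. The `return null; // only to make the compiler happy` lines disappear if the method ends in `orElseThrow`, as sketched below for one of the two methods.

```java
public String getTenantFromToken(Jwt token) {
    TokenHelper helper = new TokenHelper();
    // Explicit claim first; the realm segment of `iss` is only the fallback.
    // This selects the tenant configuration, it does not verify the issuer.
    return helper.getTenantFromTokenUsingClaimTenant(token)
            .or(() -> helper.getTenantFromTokenUsingClaimIss(token))
            .map(this::getMatchingTenantFromConfigOrThrow)
            .orElseThrow(() -> new RuntimeException(
                    "Missing `" + CLAIM_TENANT + "` and '" + CLAIM_ISS + "' claims in JWT token!"));
}
// … getTenantFromJWTClaimsSet: same shape, using ClaimHelper …
// … unchanged: getMatchingTenantFromConfigOrThrow …
```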
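Review bot: The `// ok` comments added above `@DisplayName` in both `JwtHelperTest` hunks say nothing a reader can use and look like leftover review markers; I would drop them. More importantly, this patch changes how `getTenantFromToken` and `getTenantFromJWTClaimsSet` resolve the tenant, yet `JwtHelperTest` gains no new cases. Missing are a token that has only `iss`, one where `iss` and `tenant` disagree, and one whose `iss` names an unknown tenant. Both test methods continue outside the hunks.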
diff --git a/backend/src/test/java/ch/puzzle/okr/security/helper/ClaimHelperTest.java b/backend/src/test/java/ch/puzzle/okr/security/helper/ClaimHelperTest.java new file mode 100644 index 0000000000..2677d12302 --- /dev/null +++ b/backend/src/test/java/ch/puzzle/okr/security/helper/ClaimHelperTest.java 
@@ -0,0 +1,143 @@ +package ch.puzzle.okr.security.helper; + +import com.nimbusds.jwt.JWTClaimsSet; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; + +import java.text.ParseException; +import java.util.Optional; + +import static ch.puzzle.okr.security.JwtHelper.CLAIM_ISS; +import static ch.puzzle.okr.security.JwtHelper.CLAIM_TENANT; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +public class ClaimHelperTest { + + private static final String PITC = "pitc"; + private ClaimHelper helper; + + @BeforeEach + void setup() { + helper = new ClaimHelper(); + } + + @DisplayName("getTenantFromClaimsSetUsingClaimTenant() return tenant if claim tenant is found") + @Test + void getTenantFromClaimsSetUsingClaimTenantReturnTenantIfClaimTenantFound() throws ParseException { + // arrange + JWTClaimsSet claimsSetMock = mock(JWTClaimsSet.class); + when(claimsSetMock.getStringClaim(CLAIM_TENANT)).thenReturn(PITC); + + // act + Optional tenant = helper.getTenantFromClaimsSetUsingClaimTenant(claimsSetMock); + + // assert + assertTrue(tenant.isPresent()); + assertEquals(PITC, tenant.get()); + } + + @DisplayName("getTenantFromClaimsSetUsingClaimTenant() return empty if claim tenant is not found") + @Test + void getTenantFromClaimsSetUsingClaimTenantReturnEmptyIfClaimTenantNotFound() { + // arrange + JWTClaimsSet claimsSetMock = mock(JWTClaimsSet.class); + + // act + Optional tenant = helper.getTenantFromClaimsSetUsingClaimTenant(claimsSetMock); + + // assert + assertTrue(tenant.isEmpty()); + } + + @DisplayName("getTenantFromClaimsSetUsingClaimTenant() return empty if claim tenant is found but value is null") + @Test + void 
getTenantFromClaimsSetUsingClaimTenantReturnEmptyIfClaimTenantFoundButValueIsNull() throws ParseException { + // arrange + JWTClaimsSet claimsSetMock = mock(JWTClaimsSet.class); + when(claimsSetMock.getStringClaim(CLAIM_TENANT)).thenReturn(null); + + // act + Optional tenant = helper.getTenantFromClaimsSetUsingClaimTenant(claimsSetMock); + + // assert + assertTrue(tenant.isEmpty()); + } + + @DisplayName("getTenantFromClaimsSetUsingClaimTenant() return empty if claim tenant is found but parsing of claim failed") + @Test + void getTenantFromClaimsSetUsingClaimTenantReturnEmptyIfParsingOfClaimFailed() throws ParseException { + // arrange + JWTClaimsSet claimsSetMock = mock(JWTClaimsSet.class); + when(claimsSetMock.getStringClaim(CLAIM_TENANT)).thenThrow(new ParseException("", 0)); + + // act + Optional tenant = helper.getTenantFromClaimsSetUsingClaimTenant(claimsSetMock); + + // assert + assertTrue(tenant.isEmpty()); + } + + @DisplayName("getTenantFromClaimsSetUsingClaimIss() return tenant if claim iss is found") + @ParameterizedTest + @ValueSource(strings = {"https://sso.puzzle.ch/auth/realms/pitc", "http://localhost:8544/realms/pitc"}) + void getTenantFromClaimsSetUsingClaimIssReturnTenantIfClaimIssFound(String issUrl) throws ParseException { + // arrange + JWTClaimsSet claimsSetMock = mock(JWTClaimsSet.class); + when(claimsSetMock.getStringClaim(CLAIM_ISS)).thenReturn(issUrl); + + // act + Optional tenant = helper.getTenantFromClaimsSetUsingClaimIss(claimsSetMock); + + // assert + assertTrue(tenant.isPresent()); + assertEquals(PITC, tenant.get()); + } + + @DisplayName("getTenantFromClaimsSetUsingClaimIss() return empty if claim iss is not found") + @Test + void getTenantFromClaimsSetUsingClaimIssReturnEmptyIfClaimIssNotFound() { + // arrange + JWTClaimsSet claimsSetMock = mock(JWTClaimsSet.class); + + // act + Optional tenant = helper.getTenantFromClaimsSetUsingClaimIss(claimsSetMock); + + // assert + assertTrue(tenant.isEmpty()); + } + + 
@DisplayName("getTenantFromClaimsSetUsingClaimIss() return empty if claim iss is found but value is null") + @Test + void getTenantFromClaimsSetUsingClaimIssReturnEmptyIfClaimIssFoundButValueIsNull() throws ParseException { + // arrange + JWTClaimsSet claimsSetMock = mock(JWTClaimsSet.class); + when(claimsSetMock.getStringClaim(CLAIM_ISS)).thenReturn(null); + + // act + Optional tenant = helper.getTenantFromClaimsSetUsingClaimIss(claimsSetMock); + + // assert + assertTrue(tenant.isEmpty()); + } + + @DisplayName("getTenantFromClaimsSetUsingClaimIss() return empty if parsing of claim failed") + @Test + void getTenantFromClaimsSetUsingClaimIssReturnEmptyIfParsingOfClaimFailed() throws ParseException { + // arrange + JWTClaimsSet claimsSetMock = mock(JWTClaimsSet.class); + when(claimsSetMock.getStringClaim(CLAIM_ISS)).thenThrow(new ParseException("", 0)); + + // act + Optional tenant = helper.getTenantFromClaimsSetUsingClaimIss(claimsSetMock); + + // assert + assertTrue(tenant.isEmpty()); + } + +} diff --git a/backend/src/test/java/ch/puzzle/okr/security/helper/TokenHelperTest.java b/backend/src/test/java/ch/puzzle/okr/security/helper/TokenHelperTest.java new file mode 100644 index 0000000000..f56607f39b --- /dev/null +++ b/backend/src/test/java/ch/puzzle/okr/security/helper/TokenHelperTest.java 
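Review bot: The "claim not found" tests stub nothing on the mock, so `getStringClaim` returns null and they exercise exactly the same path as the "value is null" tests; one of each pair can go or be given a real difference. Building the input with `new JWTClaimsSet.Builder().issuer(issUrl).build()` instead of `mock(JWTClaimsSet.class)` would test the real parsing, including the `ParseException` for a non-string claim. The `iss` cases cover only two well-formed URLs; an issuer with a trailing slash, an empty string and a bare `/` are missing. `TokenHelperTest` in the next hunk follows the same pattern.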
@@ -0,0 +1,114 @@ +package ch.puzzle.okr.security.helper; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; +import org.springframework.security.oauth2.jwt.Jwt; + +import java.util.Optional; + +import static ch.puzzle.okr.security.JwtHelper.CLAIM_ISS; +import static ch.puzzle.okr.security.JwtHelper.CLAIM_TENANT; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +public class TokenHelperTest { + + private static final String PITC = "pitc"; + private TokenHelper helper; + + @BeforeEach + void setUp() { + helper = new TokenHelper(); + } + + @DisplayName("getTenantFromTokenUsingClaimTenant() return tenant if claim tenant is found") + @Test + void getTenantFromTokenUsingClaimTenantReturnTenantIfClaimTenantFound() { + // arrange + Jwt tokenMock = mock(Jwt.class); + when(tokenMock.getClaimAsString(CLAIM_TENANT)).thenReturn(PITC); + + // act + Optional tenant = helper.getTenantFromTokenUsingClaimTenant(tokenMock); + + // assert + assertTrue(tenant.isPresent()); + assertEquals(PITC, tenant.get()); + } + + @DisplayName("getTenantFromTokenUsingClaimTenant() return empty if claim tenant not found") + @Test + void getTenantFromTokenUsingClaimTenantReturnEmptyIfClaimTenantNotFound() { + // arrange + Jwt tokenMock = mock(Jwt.class); + + // act + Optional tenant = helper.getTenantFromTokenUsingClaimTenant(tokenMock); + + // assert + assertTrue(tenant.isEmpty()); + } + + @DisplayName("getTenantFromTokenUsingClaimTenant() return empty if claim tenant is found but value is null") + @Test + void getTenantFromTokenUsingClaimTenantReturnEmptyIfClaimTenantFoundButValueIsNull() { + // arrange + Jwt tokenMock = mock(Jwt.class); + 
when(tokenMock.getClaimAsString(CLAIM_TENANT)).thenReturn(null); + + // act + Optional tenant = helper.getTenantFromTokenUsingClaimTenant(tokenMock); + + // assert + assertTrue(tenant.isEmpty()); + } + + @DisplayName("getTenantFromTokenUsingClaimIss() return tenant if claim iss is found") + @ParameterizedTest + @ValueSource(strings = {"https://sso.puzzle.ch/auth/realms/pitc", "http://localhost:8544/realms/pitc"}) + void getTenantFromTokenUsingClaimIssReturnTenantIfClaimIssFound(String issUrl) { + // arrange + Jwt tokenMock = mock(Jwt.class); + when(tokenMock.getClaimAsString(CLAIM_ISS)).thenReturn(issUrl); + + // act + Optional tenant = helper.getTenantFromTokenUsingClaimIss(tokenMock); + + // assert + assertTrue(tenant.isPresent()); + assertEquals(PITC, tenant.get()); + } + + @DisplayName("getTenantFromTokenUsingClaimIss() return empty if claim iss is not found") + @Test + void getTenantFromTokenUsingClaimIssReturnEmptyIfClaimIssNotFound() { + // arrange + Jwt tokenMock = mock(Jwt.class); + + // act + Optional tenant = helper.getTenantFromTokenUsingClaimIss(tokenMock); + + // assert + assertTrue(tenant.isEmpty()); + } + + @DisplayName("getTenantFromTokenUsingClaimIss() return empty if claim iss is found but value is null") + @Test + void getTenantFromTokenUsingClaimIssReturnEmptyIfClaimIssFoundButValueIsNull() { + // arrange + Jwt tokenMock = mock(Jwt.class); + when(tokenMock.getClaimAsString(CLAIM_ISS)).thenReturn(null); + + // act + Optional tenant = helper.getTenantFromTokenUsingClaimIss(tokenMock); + + // assert + assertTrue(tenant.isEmpty()); + } + +} diff --git a/backend/src/test/java/ch/puzzle/okr/security/helper/UrlHelperTest.java b/backend/src/test/java/ch/puzzle/okr/security/helper/UrlHelperTest.java new file mode 100644 index 0000000000..6d73026ec7 --- /dev/null +++ b/backend/src/test/java/ch/puzzle/okr/security/helper/UrlHelperTest.java 
@@ -0,0 +1,39 @@ +package ch.puzzle.okr.security.helper; + +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; + +import static org.junit.jupiter.api.Assertions.assertEquals; + +public class UrlHelperTest { + + private static final String PITC = "pitc"; + + @DisplayName("extractTenantFromIssUrl() return tenant if Url contains slash") + @ParameterizedTest + @ValueSource(strings = { "https://sso.puzzle.ch/auth/realms/pitc", "http://localhost:8544/realms/pitc" }) + void extractTenantFromIssUrlReturnTenantIfUrlContainSlash(String issUrl) { + // arrange + + // act + String tenantFromIssUrl = UrlHelper.extractTenantFromIssUrl(issUrl); + + // assert + assertEquals(PITC, tenantFromIssUrl); + } + + @DisplayName("extractTenantFromIssUrl() return input url if url not contains slash") + @Test + void extractTenantFromIssUrlReturnInputIfUrlNotContainSlash() { + // arrange + String issUrl = "this_is_not_a_valid_url"; + + // act + String tenantFromIssUrl = UrlHelper.extractTenantFromIssUrl(issUrl); + + // assert + assertEquals(issUrl, tenantFromIssUrl); + } +} From ddd504db1a4ddb919850a9e1dd1c4e7301b08d03 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 14 Jun 2024 07:26:59 +0000 Subject: [PATCH 6/7] [FM] Automated formating backend --- .../java/ch/puzzle/okr/security/helper/ClaimHelperTest.java | 2 +- .../java/ch/puzzle/okr/security/helper/TokenHelperTest.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/src/test/java/ch/puzzle/okr/security/helper/ClaimHelperTest.java b/backend/src/test/java/ch/puzzle/okr/security/helper/ClaimHelperTest.java index 2677d12302..0a3850bf1f 100644 --- a/backend/src/test/java/ch/puzzle/okr/security/helper/ClaimHelperTest.java +++ b/backend/src/test/java/ch/puzzle/okr/security/helper/ClaimHelperTest.java 
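Review bot: `extractTenantFromIssUrlReturnInputIfUrlNotContainSlash` pins that a string with no URL structure is returned unchanged as the tenant, which turns lenient parsing of a token claim into specified behaviour. If that is intended, a comment such as `// non-URL input is passed through; the tenant config lookup rejects unknown values` should say where the rejection happens. Otherwise the expectation should be an empty or null result. There is also no case for `""`, `"/"` or an issuer ending in `/`.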
@@ -85,7 +85,7 @@ void getTenantFromClaimsSetUsingClaimTenantReturnEmptyIfParsingOfClaimFailed() t @DisplayName("getTenantFromClaimsSetUsingClaimIss() return tenant if claim iss is found") @ParameterizedTest - @ValueSource(strings = {"https://sso.puzzle.ch/auth/realms/pitc", "http://localhost:8544/realms/pitc"}) + @ValueSource(strings = { "https://sso.puzzle.ch/auth/realms/pitc", "http://localhost:8544/realms/pitc" }) void getTenantFromClaimsSetUsingClaimIssReturnTenantIfClaimIssFound(String issUrl) throws ParseException { // arrange JWTClaimsSet claimsSetMock = mock(JWTClaimsSet.class); diff --git a/backend/src/test/java/ch/puzzle/okr/security/helper/TokenHelperTest.java b/backend/src/test/java/ch/puzzle/okr/security/helper/TokenHelperTest.java index f56607f39b..0b9c2215ce 100644 --- a/backend/src/test/java/ch/puzzle/okr/security/helper/TokenHelperTest.java +++ b/backend/src/test/java/ch/puzzle/okr/security/helper/TokenHelperTest.java @@ -70,7 +70,7 @@ void getTenantFromTokenUsingClaimTenantReturnEmptyIfClaimTenantFoundButValueIsNu @DisplayName("getTenantFromTokenUsingClaimIss() return tenant if claim iss is found") @ParameterizedTest - @ValueSource(strings = {"https://sso.puzzle.ch/auth/realms/pitc", "http://localhost:8544/realms/pitc"}) + @ValueSource(strings = { "https://sso.puzzle.ch/auth/realms/pitc", "http://localhost:8544/realms/pitc" }) void getTenantFromTokenUsingClaimIssReturnTenantIfClaimIssFound(String issUrl) { // arrange Jwt tokenMock = mock(Jwt.class); From 2a92f6d63c07997b7ba2063d187150adf1b727fc Mon Sep 17 00:00:00 2001 
From: clean-coder Date: Fri, 14 Jun 2024 14:38:03 +0200 Subject: [PATCH 7/7] #943: adopt functional programming style for helper classes --- .../ch/puzzle/okr/security/JwtHelper.java | 60 +++++++++++-------- .../okr/security/helper/ClaimHelper.java | 25 ++++---- .../okr/security/helper/JwtStatusLogger.java | 5 +- .../okr/security/helper/TokenHelper.java | 23 +++---- .../puzzle/okr/security/helper/UrlHelper.java | 9 ++- .../okr/security/helper/UrlHelperTest.java | 27 +++++++-- 6 files changed, 86 insertions(+), 63 deletions(-) diff --git a/backend/src/main/java/ch/puzzle/okr/security/JwtHelper.java b/backend/src/main/java/ch/puzzle/okr/security/JwtHelper.java index b9c9e62458..fe15d284f1 100644 --- a/backend/src/main/java/ch/puzzle/okr/security/JwtHelper.java +++ b/backend/src/main/java/ch/puzzle/okr/security/JwtHelper.java @@ -15,8 +15,11 @@ import org.springframework.stereotype.Component; import java.text.MessageFormat; +import java.util.Arrays; +import java.util.List; import java.util.Map; import java.util.Optional; +import java.util.function.Function; import static ch.puzzle.okr.Constants.USER; import static org.springframework.http.HttpStatus.BAD_REQUEST; @@ -25,6 +28,8 @@ public class JwtHelper { public static final String CLAIM_TENANT = "tenant"; public static final String CLAIM_ISS = "iss"; + public static final String ERROR_MESSAGE = "Missing `" + CLAIM_TENANT + "` and '" + CLAIM_ISS + + "' claims in JWT token!"; private static final Logger logger = LoggerFactory.getLogger(JwtHelper.class); 
@@ -61,36 +66,45 @@ public User getUserFromJwt(Jwt token) { public String getTenantFromToken(Jwt token) { TokenHelper helper = new TokenHelper(); + List>> getTenantFromTokenFunctions = Arrays.asList( // + helper::getTenantFromTokenUsingClaimIss, // + helper::getTenantFromTokenUsingClaimTenant // + ); - Optional tenantUsingClaimIss = helper.getTenantFromTokenUsingClaimIss(token); - if (tenantUsingClaimIss.isPresent()) { - return getMatchingTenantFromConfigOrThrow(tenantUsingClaimIss.get()); - } + return getFirstMatchingTenantUsingListOfHelperFunctions(token, getTenantFromTokenFunctions); + } - Optional tenantUsingClaimTenant = helper.getTenantFromTokenUsingClaimTenant(token); - if (tenantUsingClaimTenant.isPresent()) { - return getMatchingTenantFromConfigOrThrow(tenantUsingClaimTenant.get()); - } + private String getFirstMatchingTenantUsingListOfHelperFunctions(Jwt token, + List>> getTenantFunctions) { - logErrorAndThrowException(CLAIM_TENANT, CLAIM_ISS); - return null; // only to make the compiler happy + return getTenantFunctions.stream() // + .map(func -> func.apply(token)) // + .filter(Optional::isPresent) // + .map(Optional::get) // + .map(this::getMatchingTenantFromConfigOrThrow) // + .findFirst() // + .orElseThrow(() -> new RuntimeException(ERROR_MESSAGE)); } public String getTenantFromJWTClaimsSet(JWTClaimsSet claimSet) { ClaimHelper helper = new ClaimHelper(); + List>> getTenantFromClaimsSetFunctions = Arrays.asList( // + helper::getTenantFromClaimsSetUsingClaimIss, // + helper::getTenantFromClaimsSetUsingClaimTenant // + ); - Optional tenantUsingClaimIss = helper.getTenantFromClaimsSetUsingClaimIss(claimSet); - if (tenantUsingClaimIss.isPresent()) { - return getMatchingTenantFromConfigOrThrow(tenantUsingClaimIss.get()); - } + return getFirstMatchingTenantUsingListOfHelperFunctions(claimSet, getTenantFromClaimsSetFunctions); + } - Optional tenantUsingClaimTenant = helper.getTenantFromClaimsSetUsingClaimTenant(claimSet); - if 
(tenantUsingClaimTenant.isPresent()) { - return getMatchingTenantFromConfigOrThrow(tenantUsingClaimTenant.get()); - } + private String getFirstMatchingTenantUsingListOfHelperFunctions(JWTClaimsSet claimSet, + List>> getTenantFunctions) { - logErrorAndThrowException(CLAIM_TENANT, CLAIM_ISS); - return null; // only to make the compiler happy + return getTenantFunctions.stream() // + .map(func -> func.apply(claimSet)) // + .filter(Optional::isPresent) // + .map(Optional::get) // + .map(this::getMatchingTenantFromConfigOrThrow).findFirst() // + .orElseThrow(() -> new RuntimeException(ERROR_MESSAGE)); } private String getMatchingTenantFromConfigOrThrow(String tenant) { @@ -100,10 +114,4 @@ private String getMatchingTenantFromConfigOrThrow(String tenant) { .tenantId(); } - private void logErrorAndThrowException(String tenant, String iss) throws RuntimeException { - String errorInfo = "* Missing `" + tenant + "` and '" + iss + "' claims in JWT token!"; - logger.error(errorInfo); - throw new RuntimeException(errorInfo); - } - } \ No newline at end of file diff --git a/backend/src/main/java/ch/puzzle/okr/security/helper/ClaimHelper.java b/backend/src/main/java/ch/puzzle/okr/security/helper/ClaimHelper.java index 01a1f44608..9ceb7a4034 100644 --- a/backend/src/main/java/ch/puzzle/okr/security/helper/ClaimHelper.java +++ b/backend/src/main/java/ch/puzzle/okr/security/helper/ClaimHelper.java 
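Review bot: In JwtHelper, the rewritten `getTenantFromToken` and `getTenantFromJWTClaimsSet` lose the final error log entry when neither claim yields a tenant: the removed `logErrorAndThrowException` called `logger.error` before throwing, while `orElseThrow(() -> new RuntimeException(ERROR_MESSAGE))` only throws, so a token rejected for missing `iss` and `tenant` claims is recorded at error level only if a caller outside this patch logs the exception. The two `getFirstMatchingTenantUsingListOfHelperFunctions` overloads run the same pipeline and differ only in the source type, so one generic method can carry the logging once. The name also suggests a fallback the pipeline does not perform: `getMatchingTenantFromConfigOrThrow` is applied to the first claim value that is present, so an `iss` that resolves to an unconfigured tenant presumably throws there without the `tenant` claim being consulted (that method's body is only partly visible), and a short Javadoc stating this order would help.

```java
private <T> String getFirstMatchingTenantUsingListOfHelperFunctions(T source,
        List<Function<T, Optional<String>>> getTenantFunctions) {

    return getTenantFunctions.stream() //
            .map(func -> func.apply(source)) //
            // … unchanged: filter(Optional::isPresent), Optional::get, config lookup, findFirst …
            .orElseThrow(() -> {
                // keep the error-level entry the removed logErrorAndThrowException() wrote
                logger.error(ERROR_MESSAGE);
                return new RuntimeException(ERROR_MESSAGE);
            });
}
```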
@@ -14,43 +14,38 @@ public class ClaimHelper { public Optional getTenantFromClaimsSetUsingClaimTenant(JWTClaimsSet claimSet) { try { - String tenant = getTenant(claimSet); - return Optional.ofNullable(tenant); + return getTenant(claimSet); } catch (ParseException e) { logStatus(CLAIM_TENANT, claimSet, e); return Optional.empty(); } } - private static String getTenant(JWTClaimsSet claimSet) throws ParseException { + private Optional getTenant(JWTClaimsSet claimSet) throws ParseException { String tenant = claimSet.getStringClaim(CLAIM_TENANT); logStatus(CLAIM_TENANT, claimSet, tenant); - return tenant; + return Optional.ofNullable(tenant); } public Optional getTenantFromClaimsSetUsingClaimIss(JWTClaimsSet claimSet) { try { - String issUrl = getIssUrl(claimSet); - if (issUrl == null) { - return Optional.empty(); - } - return getTenant(claimSet, issUrl); + return getIssUrl(claimSet).flatMap(url -> getTenant(claimSet, url)); } catch (ParseException e) { logStatus(CLAIM_ISS, claimSet, e); return Optional.empty(); } } - private static String getIssUrl(JWTClaimsSet claimSet) throws ParseException { + private Optional getIssUrl(JWTClaimsSet claimSet) throws ParseException { String issUrl = claimSet.getStringClaim(CLAIM_ISS); logStatus(CLAIM_ISS, claimSet, issUrl); - return issUrl; + return Optional.ofNullable(issUrl); } - private static Optional getTenant(JWTClaimsSet claimSet, String issUrl) { - String tenant = extractTenantFromIssUrl(issUrl); - logStatus(CLAIM_ISS, claimSet, tenant); - return Optional.ofNullable(tenant); + private Optional getTenant(JWTClaimsSet claimSet, String issUrl) { + Optional tenant = extractTenantFromIssUrl(issUrl); + logStatus(CLAIM_ISS, claimSet, tenant.isPresent()); + return tenant; } } diff --git a/backend/src/main/java/ch/puzzle/okr/security/helper/JwtStatusLogger.java b/backend/src/main/java/ch/puzzle/okr/security/helper/JwtStatusLogger.java index 280e295b95..ca5d678458 100644 
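Review bot: In ClaimHelper's `getTenant(JWTClaimsSet, String)`, the call `logStatus(CLAIM_ISS, claimSet, tenant.isPresent())` can never report a failure: `getIssUrl` has already turned a null `iss` into an empty Optional, and `extractTenantFromIssUrl` (UrlHelper hunk of this patch) returns `Optional.of(...)` for every non-null input, so the status is always true, even when the extracted value is an empty string. The same holds for `getTenant(Jwt, String)` in the TokenHelper hunk. Either drop this second status line or make it meaningful by having the extraction return empty for unusable values. The two private `getTenant` overloads also read different things (the `tenant` claim versus the last segment of `iss`); renaming the second, e.g. to `getTenantFromIssUrl`, with a one-line comment on each, would make the resolution order easier to audit.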
--- a/backend/src/main/java/ch/puzzle/okr/security/helper/JwtStatusLogger.java +++ b/backend/src/main/java/ch/puzzle/okr/security/helper/JwtStatusLogger.java @@ -10,7 +10,10 @@ public class JwtStatusLogger { private static final Logger logger = LoggerFactory.getLogger(ClaimHelper.class); public static void logStatus(String claim, Object context, String result) { - boolean isOk = result != null; + logStatus(claim, context, result != null); + } + + public static void logStatus(String claim, Object context, boolean isOk) { if (isOk) { logger.info("Tenant: get claim '{}' from {}{}", claim, context.getClass().getSimpleName(), statusToSymbol(isOk)); diff --git a/backend/src/main/java/ch/puzzle/okr/security/helper/TokenHelper.java b/backend/src/main/java/ch/puzzle/okr/security/helper/TokenHelper.java index ad1eaa4d89..513241cb06 100644 --- a/backend/src/main/java/ch/puzzle/okr/security/helper/TokenHelper.java +++ b/backend/src/main/java/ch/puzzle/okr/security/helper/TokenHelper.java 
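Review bot: The new `logStatus(String, Object, boolean)` overload in JwtStatusLogger writes through the logger created with `LoggerFactory.getLogger(ClaimHelper.class)` (context line of this hunk), so status lines triggered from TokenHelper are attributed to ClaimHelper in the log output. Using `LoggerFactory.getLogger(JwtStatusLogger.class)` would keep the source accurate for anyone filtering authentication logs by logger name. The new public overload also has no Javadoc; a line such as `/** Logs whether reading {@code claim} from {@code context} succeeded. */` would do, to be worded against the else branch, which lies outside the hunk.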
@@ -12,33 +12,28 @@ public class TokenHelper { public Optional getTenantFromTokenUsingClaimTenant(Jwt token) { - String tenant = getTenant(token); - return Optional.ofNullable(tenant); + return getTenant(token); } - private static String getTenant(Jwt token) { + private Optional getTenant(Jwt token) { String tenant = token.getClaimAsString(CLAIM_TENANT); // can return null logStatus(CLAIM_TENANT, token, tenant); - return tenant; + return Optional.ofNullable(tenant); } public Optional getTenantFromTokenUsingClaimIss(Jwt token) { - String issUrl = getIssUrl(token); - if (issUrl == null) { - return Optional.empty(); - } - return getTenant(token, issUrl); + return getIssUrl(token).flatMap(url -> getTenant(token, url)); } - private String getIssUrl(Jwt token) { + private Optional getIssUrl(Jwt token) { String issUrl = token.getClaimAsString(CLAIM_ISS); // can return null logStatus(CLAIM_ISS, token, issUrl); - return issUrl; + return Optional.ofNullable(issUrl); } private Optional getTenant(Jwt token, String issUrl) { - String tenant = extractTenantFromIssUrl(issUrl); - logStatus(CLAIM_ISS, token, tenant); - return Optional.ofNullable(tenant); + Optional tenant = extractTenantFromIssUrl(issUrl); + logStatus(CLAIM_ISS, token, tenant.isPresent()); + return tenant; } } diff --git a/backend/src/main/java/ch/puzzle/okr/security/helper/UrlHelper.java b/backend/src/main/java/ch/puzzle/okr/security/helper/UrlHelper.java index b630b654d5..5857e4fa01 100644 --- a/backend/src/main/java/ch/puzzle/okr/security/helper/UrlHelper.java +++ b/backend/src/main/java/ch/puzzle/okr/security/helper/UrlHelper.java 
@@ -1,9 +1,14 @@ package ch.puzzle.okr.security.helper; +import java.util.Optional; + public class UrlHelper { - public static String extractTenantFromIssUrl(String issUrl) { + public static Optional extractTenantFromIssUrl(String issUrl) { + if (issUrl == null) + return Optional.empty(); String[] issUrlParts = issUrl.split("/"); - return issUrlParts[issUrlParts.length - 1]; + String tenant = issUrlParts[issUrlParts.length - 1]; + return Optional.of(tenant); } } diff --git a/backend/src/test/java/ch/puzzle/okr/security/helper/UrlHelperTest.java b/backend/src/test/java/ch/puzzle/okr/security/helper/UrlHelperTest.java index 6d73026ec7..76f71a918e 100644 --- a/backend/src/test/java/ch/puzzle/okr/security/helper/UrlHelperTest.java +++ b/backend/src/test/java/ch/puzzle/okr/security/helper/UrlHelperTest.java @@ -5,7 +5,9 @@ import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.ValueSource; -import static org.junit.jupiter.api.Assertions.assertEquals; +import java.util.Optional; + +import static org.junit.jupiter.api.Assertions.*; public class UrlHelperTest { @@ -18,10 +20,11 @@ void extractTenantFromIssUrlReturnTenantIfUrlContainSlash(String issUrl) { // arrange // act - String tenantFromIssUrl = UrlHelper.extractTenantFromIssUrl(issUrl); + Optional tenantFromIssUrl = UrlHelper.extractTenantFromIssUrl(issUrl); // assert - assertEquals(PITC, tenantFromIssUrl); + assertTrue(tenantFromIssUrl.isPresent()); + assertEquals(PITC, tenantFromIssUrl.get()); } @DisplayName("extractTenantFromIssUrl() return input url if url not contains slash") 
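Review bot: `extractTenantFromIssUrl` in UrlHelper still indexes `issUrlParts[issUrlParts.length - 1]` without checking the array length: Java's `String.split` drops trailing empty strings, so an `iss` value of `/` produces an empty array and the lookup throws `ArrayIndexOutOfBoundsException`, while an empty `iss` produces `Optional.of("")`. Because the value comes from a token claim, add `if (issUrlParts.length == 0) return Optional.empty();` before the index and return `Optional.of(tenant).filter(t -> !t.isBlank())`. The UrlHelperTest hunks of this patch add a null case but none for these two inputs. Only the last path segment decides the tenant, so the full issuer still has to be compared with the tenant's configured issuer when the token is validated, which is not visible in this patch.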
@@ -31,9 +34,23 @@ void extractTenantFromIssUrlReturnInputIfUrlNotContainSlash() { String issUrl = "this_is_not_a_valid_url"; // act - String tenantFromIssUrl = UrlHelper.extractTenantFromIssUrl(issUrl); + Optional tenantFromIssUrl = UrlHelper.extractTenantFromIssUrl(issUrl); + + // assert + assertTrue(tenantFromIssUrl.isPresent()); + assertEquals(issUrl, tenantFromIssUrl.get()); + } + + @DisplayName("extractTenantFromIssUrl() return empty if url is null") + @Test + void extractTenantFromIssUrlReturnEmptyIfUrlIsNull() { + // arrange + String issUrl = null; + + // act + Optional tenantFromIssUrl = UrlHelper.extractTenantFromIssUrl(issUrl); // assert - assertEquals(issUrl, tenantFromIssUrl); + assertTrue(tenantFromIssUrl.isEmpty()); } }